← Back

Yellowfinbi

yellowfinbi

5 CVEs • 3 products

Products (3)

Click to collapse
Toggle
Yellowfin
yellowfin
3 CVEs
Yellowfin Bi
yellowfin_bi
1 CVE
Business Intelligence
business_intelligence
1 CVE

CVEs (5)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-19586
1Yellowfinbi
1Business Intelligence
Nov 21, 2024
Sep 14, 2022
N/A· v4
9.0 CRITICAL· v3
N/A· v2
Incorrect Access Control issue in Yellowfin Business Intelligence 7.3 allows remote attackers to escalate privilege via MIAdminStyles.i4 Admin UI.
CVE-2021-36389
1Yellowfinbi
1Yellowfin
Nov 21, 2024
Oct 14, 2021
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
In Yellowfin before 9.6.1 it is possible to enumerate and download uploaded images through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request to the page "MIImag...Show more
In Yellowfin before 9.6.1 it is possible to enumerate and download uploaded images through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request to the page "MIImage.i4".Show less
CVE-2021-36388
1Yellowfinbi
1Yellowfin
Nov 21, 2024
Oct 14, 2021
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
In Yellowfin before 9.6.1 it is possible to enumerate and download users profile pictures through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request to the page...Show more
In Yellowfin before 9.6.1 it is possible to enumerate and download users profile pictures through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request to the page "MIIAvatarImage.i4".Show less
CVE-2021-36387
1Yellowfinbi
1Yellowfin
Nov 21, 2024
Oct 14, 2021
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
In Yellowfin before 9.6.1 there is a Stored Cross-Site Scripting vulnerability in the video embed functionality exploitable through a specially crafted HTTP POST request to the page "ActivityStreamAjax.i4".
CVE-2019-1010147
2Bmc
Yellowfinbi
2Remedy Smart Reporting
Yellowfin Bi
Nov 21, 2024
Jul 26, 2019
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Yellowfin Smart Reporting All Versions Prior to 7.3 is affected by: Incorrect Access Control - Privileges Escalation. The impact is: Victim attacked and access admin functionality through their browser and control browse...Show more
Yellowfin Smart Reporting All Versions Prior to 7.3 is affected by: Incorrect Access Control - Privileges Escalation. The impact is: Victim attacked and access admin functionality through their browser and control browser. The component is: MIAdminStyles.i4. The attack vector is: Victims are typically lured to a web site under the attacker's control; the XSS vulnerability on the target domain is silently exploited without the victim's knowledge. The fixed version is: 7.4 and later.Show less